RFR(XXS): 8144197: Possible use after free in Arguments::add_property function
David Holmes
david.holmes at oracle.com
Tue Dec 8 11:06:37 UTC 2015
Fix looks good. That was a subtle one.
Thanks,
David
On 8/12/2015 8:50 PM, Dmitry Dmitriev wrote:
> Hello,
>
> Please, can I get review for that small fix? Thank you!
>
> Dmitry
>
> On 01.12.2015 14:38, Dmitry Dmitriev wrote:
>> Hello,
>>
>> Please, review this small fix. JDK-8132725 removes memory leak in
>> Arguments::add_property function in
>> hotspot/src/share/vm/runtime/arguments.cpp module, but introduce
>> theoretical possibility of use after free of _java_command, because
>> _java_command used in reporting OOM errors. This can happen if
>> sun.java.command property is defined more than once and JVM can not
>> allocate memory for new java command when processing second(or later)
>> "sun.java.command" property. Thus sun.java.command can point to the
>> freed memory when reporting OOM error, because memory for
>> sun.java.command is freed before allocating new sun.java.command. Fix
>> is simple - free old sun.java.command only after allocating memory for
>> the new one. The similar thing is done for java.vendor.url.bug
>> property in case if fatal error occurred during allocation of new
>> java.vendor.url.bug property.
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8144197
>> webrev.00: http://cr.openjdk.java.net/~ddmitriev/8144197/webrev.00/
>> <http://cr.openjdk.java.net/%7Eddmitriev/8144197/webrev.00/>
>> Testing: locally, JPRT
>>
>> Thanks,
>> Dmitry
>
More information about the hotspot-runtime-dev
mailing list